Koha 3.22.7 security patch released

The Koha community is pleased to announce the release of patch 3.22.7.

The patch includes 1 security fix, 71 bug fixes and 1 enhancement.

Security bugs fixed

  • [16476] CGI->param('foo') in list context allows XSS (e.g. Javascript injection) in Koha

Critical bugs fixed

Architecture, internals, and plumbing

  • [16505] skips updates if -x is passed
  • [16539] Koha::Cache is incorrectly caching single holidays


  • [16373] reports success but files are not merged


  • [16356] [3.22] Error 500 when returning an item which itemtype is not defined in ItemTypes

Installation and upgrade (web-based installer)

  • [13669] Web installer fails to load sample data on MySQL 5.6+
  • [16402] DB structure cannot be loaded in MySQL 5.7


  • [16517] A server error is raised when creating a new list with an existing name


  • [12752] OVERDUE notice mis-labeled as “Hold Available for Pickup”

Staff Client

  • [15816] Timeout login redirects to home page


  • [14632] Incorrect alert while deleting single item in batch

Test Suite

  • [16561] Regression caused by 15877 – t/db_dependent/Barcodes.t deletes all items from a DB


  • [16426] Import borrowers tool warns for blank and/or existing userids

Other bugs fixed


  • [11203] Datatables in acquisitions do not ignore “stopwords” in titles
  • [13041] Can’t add user as manager of basket if name includes a single quote
  • [16154] Replace CGI->param with CGI->multi_param in list context
  • [16253] Acq: Change “Delete order” to “Cancel order line” on basket summary and receive page
  • [16321] ‘Show all details’ checkbox triggers JS error after jQuery upgrade
  • [16325] Suggestions: Tab “Status unknown” contains all suggestions
  • [16384] When canceling ‘edit basket’, return to basket summary if you came from there

Architecture, internals, and plumbing

  • [15086] Creators layout and template sql has warnings
  • [15877] C4::Barcodes does not correctly calculate db_max for ‘annual’ barcodes
  • [15878] C4::Barcodes::hbyymmincr incorrectly calculates max and should warn when no branchcode present
  • [16104] Warnings “used only once: possible typo” should be removed
  • [16105] Cache::Memory is loaded even if memcache is used
  • [16259] More: Replace CGI->param with CGI->multi_param in list context
  • [16429] Going to circulation from notice triggers may change logged in branch
  • [16452] PatronLists.t raises a warning
  • [16499] logs warnings about Use of uninitialized value
  • [16550] Can’t set opac news expiration date to NULL, it reverts to today


  • [15682] Merging records from cataloguing search only allows to merge 2 records


  • [15919] Batch checkout should show due date in list of checked-out items


  • [16170] Pseudo foreign key in Items


  • [16322] Translatability: “Unknown” in suggestion/ not translatable


  • [16484] Virtualshelves: Using no XSLTResultsDisplay breaks content display in intranet (titles not showing in lists)

MARC Authority data support

  • [14050] Default framework for authorities should not be deletable


  • [1859] Notice fields: can’t select multiple fields at once
  • [16217] Notice’ names may have diverged


  • [16220] The view tabs on are not responsive
  • [16233] Unclosed strong tag in the breaks some display
  • [16315] OPAC Shelfbrowser doesn’t display the full title
  • [16340] JS variable in is declared two times
  • [16478] Translation breaks display of Checkout history in tab Checkouts / On-site-checkouts
  • [16516] showListsUpdate JS function is not defined at the OPAC


  • [9393] Add note to if borrower has pending modifications
  • [12721] Prevent software error if incorrect fieldnames given in syspref StatisticsFields
  • [15823] Can still access patron discharge slip without having the syspref on – Permissions breach
  • [16447] “Borrow Permission” should not be used anymore


  • [16481] Report menu has unexpected issues


  • [13871] OverDrive message when user authentication fails


  • [16041] StaffAuthorisedValueImages & AuthorisedValueImages preferences – impact on search performance
  • [16398] Keep expanded view after clearing the search form

Self checkout

  • [12663] SCOUserCSS and SCOUserJS ignored on selfcheck login page


  • [13877] seasonal predictions showing wrong in test

Staff Client

  • [9387] Feedback message for FAILED check out items are not obvious for visually impaired
  • [16218] (and others) does not include jQuery
  • [16270] Typo authentification vs authentication in 404

System Administration

  • [15009] Planning dropdown button in aqbudget can have empty line


  • [15194] Drop-down menu ‘Actions’ has problem in ‘Saved reports’ page with language bottom bar
  • [16159] guarantor section missing ID on patron add form
  • [16230] Show tooltip with menu item when fund cannot be deleted
  • [16369] Clean up and improve plugins template
  • [16381] Fix capitalization on tags review page
  • [16415] Layout problem on staff client detail page if local cover images are enabled
  • [16439] Allow styling to button for upload local cover images (Font Awesome Icons)
  • [16480] Unclosed tag span in shelves on intranet

Test Suite

  • [14144] Silence warnings t/db_dependent/Auth_with_ldap.t
  • [14362] PEGI 15 Circulation/AgeRestrictionMarkers test fails
  • [16390] Accounts.t does not need MPL
  • [16407] Fix Koha_borrower_modifications.t
  • [16501] Remove some unneeded warns in Upload.t



  • [15403] Confirm messages in intranet lists interface strangely worded
